Introduction

The information and tables on this page are here for statistical and informational purposes. They are not here as a shaming point for any of the ASN owners. There are some on the list that are very diligent in pursuing and shutting down malicious and criminal behavior. This may not alway be clearly visible when some of the statistics may appear to show a poor performance in comparison to others. There are some very poor performers on the list that have excellent statistics. The difference is intent and action. The good ones shutdown what they can, but do their due diligence. The bad ones warn the criminals and many times help them move to a new location within the same network.

There are also those that host a variety of public services such as free email, web services, and even IRC. These are very frequently abused by malicious behavior and can be difficult to remediate and correct. These free services are often use as a play ground for those that are beginning their malicious and criminal career.

Our goal is to help by providing information to those that can do something, not attempt to shame anyone into an action. Because in the end, you can only attempt to embarrass the good ones, the bad ones really do not care.

Explanation

These reports are based off of all the active and inactive Command and Control (C&C) points that we have tracked and are currently tracking. The columns are defined as follows:

Number - The total number of C&C's hosted within that ASN

Closed - What percent of the C&C's that are now inactive

CC DDOS - The number of DDOS attacks issued from that C&C's within that ASN

CC Scans - The number of scans into other networks the C&C's issues from that ASN

CC CHosts - The number of successful compromises completed by that C&C's within that ASN

TGT DDOS - The number of DDOS attacks that were targeted to this ASN

TGT Scans - The number of scans that were targeted to this ASN

TGT CHosts - The number of hosts compromised within this ASN

Note: This data is only complete within the scope of what we were either able to observe or capture. It in no way represents the totality of DDOS attacks, scans, nor compromised hosts found on the Internet.